Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike
On July 19, 2024, a large-scale outage emerged affecting Windows computers across many industries around the globe, from financial institutions to hospitals to airlines. The outage was traced to a single faulty content update pushed by CrowdStrike for its Falcon sensor.
This is an extremely unfortunate situation for those affected, and we hope for a speedy remediation and recovery for all those involved.
While many eyes will be focused on recovering the Windows environment, it is important to keep diligently monitoring your non-Windows environments as well, since adversaries take advantage of distracted teams. Our research team is continuously watching the broader landscape for threat actors exploiting the situation and will share any significant developments here.
Current threat activity observed or of concern
Updated: July 19 at 4:00 pm CT
Per our comment above, adversaries take advantage of these incidents to target victims with a multitude of attacks. We recommend you be on the lookout for:
- Phishing emails using the incident as a lure to click a link or open an attachment
- Technical support scams
- Adversaries targeting your non-Windows infrastructure
One example of a technical support scam, found shortly after the outage, is quoted below:
On 2024-07-18, CrowdStrike deployed a defective update that leads to Windows machines running CrowdStrike Falcon being stuck in an endless boot loop (or BSOD).
This program fixes that, and removes the defective updates from a Windows machine. The program is portable, without any dependencies, and can be used on USB flash drives, too.
PAYMENT
Product Type      Supported Architectures   Price
Windows binary    amd64 / x86               500.000 EUR
Source Code (go)  any                       1.000.000 EUR
Wallet address: 0x1AEAe8c6F600d85b3b676ac49bb3816A4eB4455b
Accepted payment options: BTC or ETH
This text comes from the scam site fix-crowdstrike-apocalypse[.]com, which demands payment in cryptocurrency for a purported fix.
Updated: July 20 at 9:00 pm CT
Another example of a technical support scam, this one claiming to provide assistance to affected organizations, can be seen below:
This tech support scam can be found at crowdstrikebluescreen[.]com.
Legal scams involving this incident have also been seen:
This legal scam was found at crowdstrikeclaim[.]com.
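The indicators quoted on this page (the three scam domains and the wallet address) can be turned into a simple hunt over DNS, proxy and mail logs, and the same pass can surface lookalike domains that carry the vendor's brand but are not the vendor's own. The script below is an added example, not code from the original post or from Trend Micro or CrowdStrike; the log lines are constructed for illustration, and the assumption that crowdstrike.com (and its subdomains) is the only legitimate brand domain is ours.

```python
import re
from dataclasses import dataclass

# Indicators quoted on this page, kept defanged ([.]) exactly as the text shows them.
SCAM_DOMAINS = [
    "fix-crowdstrike-apocalypse[.]com",
    "crowdstrikebluescreen[.]com",
    "crowdstrikeclaim[.]com",
]
SCAM_WALLETS = ["0x1AEAe8c6F600d85b3b676ac49bb3816A4eB4455b"]

# Assumption (not from the page): the vendor's only legitimate domain. Any other
# domain containing the brand string is treated as a lookalike worth triage.
LEGIT_DOMAINS = {"crowdstrike.com"}
BRAND = "crowdstrike"

# Something that looks like a hostname: one or more labels followed by an alphabetic TLD.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# An Ethereum-style address: 0x followed by exactly 40 hex digits.
ETH_RE = re.compile(r"\b0x[0-9a-f]{40}\b", re.I)


@dataclass
class Hit:
    line_no: int
    indicator: str
    reason: str  # "known_scam_domain" | "lookalike_domain" | "known_wallet"


def refang(ioc: str) -> str:
    """Turn defanged indicators (x[.]com, hxxp://) back into matchable form."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def is_legit(domain: str) -> bool:
    """True only for the legitimate domain itself or a real subdomain of it."""
    d = domain.lower()
    return any(d == legit or d.endswith("." + legit) for legit in LEGIT_DOMAINS)


def scan_log_lines(lines):
    """Return a Hit for every known scam domain, brand lookalike, or known wallet."""
    known = {refang(d).lower() for d in SCAM_DOMAINS}
    wallets = {w.lower() for w in SCAM_WALLETS}
    hits = []
    for n, line in enumerate(lines, 1):
        text = refang(line)  # ticket notes are often pasted in defanged
        for m in DOMAIN_RE.finditer(text):
            dom = m.group(1).lower()
            if dom in known or any(dom.endswith("." + k) for k in known):
                hits.append(Hit(n, dom, "known_scam_domain"))
            elif BRAND in dom and not is_legit(dom):
                hits.append(Hit(n, dom, "lookalike_domain"))
        for m in ETH_RE.finditer(text):
            if m.group(0).lower() in wallets:
                hits.append(Hit(n, m.group(0), "known_wallet"))
    return hits


# Constructed sample log lines (not real telemetry): DNS, proxy and mail events.
SAMPLE_LOGS = [
    "2024-07-19T15:02:11Z dns query src=10.0.4.17 qname=www.crowdstrike.com type=A",
    "2024-07-19T15:04:58Z proxy src=10.0.4.23 GET http://fix-crowdstrike-apocalypse.com/fix.exe status=200",
    "2024-07-20T08:13:02Z dns query src=10.0.9.8 qname=crowdstrikeclaim.com type=A",
    '2024-07-20T09:41:30Z mail from=support@crowdstrike-recovery.net subj="Urgent: BSOD fix" body_has=0x1AEAe8c6F600d85b3b676ac49bb3816A4eB4455b',
    "2024-07-20T10:00:00Z dns query src=10.0.9.8 qname=falcon.crowdstrike.com type=A",
]

if __name__ == "__main__":
    for h in scan_log_lines(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.reason:18} {h.indicator}")
```

Running it against the constructed sample flags the proxy fetch from fix-crowdstrike-apocalypse.com, the DNS lookup of crowdstrikeclaim.com, the sender domain crowdstrike-recovery.net as a lookalike, and the wallet address in the mail body, while the genuine www.crowdstrike.com and falcon.crowdstrike.com lookups pass. The lookalike rule is deliberately broad (any non-vendor domain containing the brand), so treat those hits as triage candidates rather than confirmed malicious.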